Overview

overview

10

Static

static

1

0a0a6608a8...50.cmd

windows7-x64

1

0a0a6608a8...50.cmd

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150.zip

  • Size

    370KB

  • Sample

    240630-lyxw2awcnf

  • MD5

    8edb52503d1c2c3bf1272cc02358c1b9

  • SHA1

    f170f6fcbe60f0771f3c6230baf52729d50b3094

  • SHA256

    a085c799fa8f7c6cab620987327ea260551af5da063ec43f1dbcd3af71db0a37

  • SHA512

    732a9685d7e51f2d82adf4c422b6bc1272e50becba3b617977f6c22026b14a1b9622aa19cf6d344714c851bbab3ae364402c232bbce80fca3fed8ee807683ec3

  • SSDEEP

    6144:UI0i0qGZvLo4VkAbZjMsTmOSwRnds7vj92NMIpKp+JBGtG3tUcdHZoWeO:UIRyvLhVLb5TmOSwRS92NMITBGQU8oW9

Score
10/10
xwormexecutionrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

korkos.now-dns.net:999

Mutex

PloDJK2PhSuWy8rU

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150.cmd

    • Size

      500KB

    • MD5

      6e45850d43bde1d6bc68ab6b07daf153

    • SHA1

      427ed64bb89e6bf40e59276768d37152c209e976

    • SHA256

      0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150

    • SHA512

      e44ea25026d2146991e61eb82ed6028af248fb9235b271f665943b432833e3274a3e9ae9ffc912436b294e6a450337cbd251daafad11c926a41cc942042b4f81

    • SSDEEP

      12288:Co8xbtgA4f9Ek3aoC4QvfD2ZK1n6B4XyZYi9lGUnnQ:Co8NtsaCm1nhqD9ginQ

    Score
    10/10
    xwormexecutionrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks